﻿
using OpenIddict.Abstractions;
using Volo.Abp.DependencyInjection;

namespace Ebusiness_Authservice.Services
{
    /// <summary>
    /// ApplicationsService 接口实现
    /// </summary>
    [Dependency(ServiceLifetime.Singleton)]
    public class ApplicationsService : IApplicationsService
    {

        //public IOpenIddictApplicationManager _applicationManager { set; get; }

        public IOpenIddictApplicationManager openIddictApplicationManager { set; get; }

        public ApplicationsService()
        {

        }

        /// <summary>
        /// 
        /// </summary>
        /// <param name="ClientId"></param>
        /// <param name="ClientSecret"></param>
        /// <param name="DisplayName"></param>
        /// <returns></returns>
        public async Task CreatAsync(string ClientId, string ClientSecret, string DisplayName)
        {
            #region   abp opendidct框架
            {
                //// 客户端配置
                //if (await _applicationManager.FindByClientIdAsync(ClientId) == null)
                //{
                //    await _applicationManager.CreateAsync(new OpenIddictApplicationDescriptor
                //    {
                //        ClientId = ClientId,
                //        ClientSecret = ClientSecret,
                //        ConsentType = OpenIddictConstants.ConsentTypes.Explicit,
                //        DisplayName = DisplayName,
                //        PostLogoutRedirectUris =
                //    {
                //        new Uri("https://localhost:44302/signout-callback-oidc"),
                //        new Uri("http://localhost:4200")
                //    },
                //        RedirectUris =
                //    {
                //        new Uri("https://localhost:44302/signin-oidc"),
                //        new Uri("http://localhost:4200")
                //    },
                //        // 具体的权限
                //        Permissions =
                //    {
                //        //声明这个客户端可以访问的 授权服务器端点
                //        OpenIddictConstants.Permissions.Endpoints.Authorization, //connect/authorize 用户登录和授权客户端访问资源的入口。典型场景：Authorization Code Flow
                //        OpenIddictConstants.Permissions.Endpoints.Token,  //connect/token
                //        //OpenIddictConstants.Permissions.Endpoints.DeviceAuthorization,  //connect/device
                //        OpenIddictConstants.Permissions.Endpoints.Introspection, //onnect/introspect 资源服务器调用此端点验证 Access Token 是否有效，并获取相关 Claims
                //        OpenIddictConstants.Permissions.Endpoints.Revocation,  // /connect/revoke 允许客户端或资源服务器撤销 Access Token 或 Refresh Token，使其失效。
                //        OpenIddictConstants.Permissions.Endpoints.EndSession,  // /connect/endsession  结束会话端点（Logout），用户登出时调用，清理会话并可选择通知客户端。

                //        OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode,
                //        OpenIddictConstants.Permissions.GrantTypes.Implicit,
                //        OpenIddictConstants.Permissions.GrantTypes.Password,
                //        OpenIddictConstants.Permissions.GrantTypes.RefreshToken,
                //        OpenIddictConstants.Permissions.GrantTypes.DeviceCode,
                //        OpenIddictConstants.Permissions.GrantTypes.ClientCredentials,
                //        OpenIddictConstants.Permissions.Prefixes.GrantType + "MyTokenExtensionGrant",

                //        OpenIddictConstants.Permissions.ResponseTypes.Code,
                //        OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken,
                //        OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken,
                //        OpenIddictConstants.Permissions.ResponseTypes.CodeToken,
                //        OpenIddictConstants.Permissions.ResponseTypes.IdToken,
                //        OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken,
                //        OpenIddictConstants.Permissions.ResponseTypes.None,
                //        OpenIddictConstants.Permissions.ResponseTypes.Token,

                //        OpenIddictConstants.Permissions.Scopes.Roles,
                //        OpenIddictConstants.Permissions.Scopes.Profile,
                //        OpenIddictConstants.Permissions.Scopes.Email,
                //        OpenIddictConstants.Permissions.Scopes.Address,
                //        OpenIddictConstants.Permissions.Scopes.Phone,
                //        OpenIddictConstants.Permissions.Prefixes.Scope + "OrderService" // 定义权限
                //    }
                //    });
                //}
            }
            #endregion

            #region 原生框架 openddict
            {
                // 创建客户端应用（电商网站客户端）
                if (await openIddictApplicationManager.FindByClientIdAsync(ClientId) == null)
                {
                    await openIddictApplicationManager.CreateAsync(new OpenIddictApplicationDescriptor
                    {
                        ClientId = ClientId,           // 客户端ID
                        ClientSecret = ClientSecret,       // 客户端密钥
                        DisplayName = DisplayName,            // 显示名称
                        PostLogoutRedirectUris =
                               {
                                   new Uri("https://localhost:44302/signout-callback-oidc"),
                                   new Uri("http://localhost:4200")
                               },
                        RedirectUris =
                                {
                                    new Uri("https://localhost:44302/signin-oidc"),
                                    new Uri("http://localhost:4200")
                                },
                        Permissions = // 客户端权限配置  必须声明允许使用哪些权限，否则调用时会被拒绝
                           {
                               // 端点权限
                               OpenIddictConstants.Permissions.Endpoints.Token,           // 令牌端点
                               OpenIddictConstants.Permissions.Endpoints.Authorization,   // 授权端点
                               //OpenIddictConstants.Permissions.Endpoints.Userinfo,        // 用户信息端点
                               "ept:userinfo",        // 用户信息端点
                               OpenIddictConstants.Permissions.Endpoints.Introspection,   // 内省端点
                               OpenIddictConstants.Permissions.Endpoints.Revocation,      // 回收端点
                               OpenIddictConstants.Permissions.Endpoints.EndSession,
                               
                              // 授权类型权限
                              //OpenIddictConstants.Permissions.GrantTypes.* 就是用来控制 客户端允许使用哪些授权类型
                              //这个客户端只能用 授权码模式：
                              //grant_type=authorization_code
                                OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, // 授权码模式
                               OpenIddictConstants.Permissions.GrantTypes.ClientCredentials, // 客户端凭据模式
                               OpenIddictConstants.Permissions.GrantTypes.RefreshToken,      // 刷新令牌模式
                                OpenIddictConstants.Permissions.GrantTypes.Password,
                               //        OpenIddictConstants.Permissions.Prefixes.GrantType + "MyTokenExtensionGrant",
                               
                               // 作用域权限
                               OpenIddictConstants.Permissions.Scopes.Email,    // 邮箱作用域
                               OpenIddictConstants.Permissions.Scopes.Profile,  // 个人信息作用域
                               OpenIddictConstants.Permissions.Scopes.Roles,    // 角色作用域

                               OpenIddictConstants.Permissions.Scopes.Address,
                               OpenIddictConstants.Permissions.Scopes.Phone,
                               OpenIddictConstants.Permissions.Prefixes.Scope + "OrderService", // 定义权限
                               
                               //ResponseTypes 限制的是 授权端点的 response_type
                               // 响应类型权限
                               OpenIddictConstants.Permissions.ResponseTypes.Code,  // 授权码响应
                               OpenIddictConstants.Permissions.ResponseTypes.Token,  // 令牌响应
                               OpenIddictConstants.Permissions.ResponseTypes.CodeIdToken,
                               OpenIddictConstants.Permissions.ResponseTypes.CodeIdTokenToken,
                               OpenIddictConstants.Permissions.ResponseTypes.CodeToken,
                               OpenIddictConstants.Permissions.ResponseTypes.IdToken,
                               OpenIddictConstants.Permissions.ResponseTypes.IdTokenToken,
                               OpenIddictConstants.Permissions.ResponseTypes.None,
                         }
                    });
                }
            }
            #endregion
        }
    }
}
